delta

2024-04-05 23:45:55 +02:00 · 2024-04-05 23:45:55 +02:00 · 0c97189dd5
parent 4d8e16cbfb
commit 0c97189dd5
5 changed files with 122 additions and 13 deletions
--- a/flake.nix
+++ b/flake.nix
@ -50,17 +50,17 @@
    formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;

    nixosConfigurations = {
-      # Home desktop
-      omega = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
+      # Hetzner VPS
+      alpha = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
        specialArgs = inputs; # pass flake inputs to modules
-        modules = [./hosts/omega];
+        modules = [./hosts/alpha];
      };
-      # Laptop
-      zeta = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
+      # Hetzner VPS
+      delta = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
        specialArgs = inputs; # pass flake inputs to modules
-        modules = [./hosts/zeta];
+        modules = [./hosts/delta];
      };
      # Work laptop
      mu = nixpkgs.lib.nixosSystem {
@ -68,11 +68,11 @@
        specialArgs = inputs; # pass flake inputs to modules
        modules = [./hosts/mu];
      };
-      # Hetzner VPS
-      alpha = nixpkgs.lib.nixosSystem {
-        system = "aarch64-linux";
+      # Home desktop
+      omega = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
        specialArgs = inputs; # pass flake inputs to modules
-        modules = [./hosts/alpha];
+        modules = [./hosts/omega];
      };
      # Home Server
      sigma = nixpkgs.lib.nixosSystem {
@ -86,6 +86,12 @@
        specialArgs = inputs; # pass flake inputs to modules
        modules = [./hosts/tor];
      };
+      # Laptop
+      zeta = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = inputs; # pass flake inputs to modules
+        modules = [./hosts/zeta];
+      };
    };
  };
 }
--- a/hosts/delta/default.nix
+++ b/hosts/delta/default.nix
@ -0,0 +1,36 @@
+{...}: {
+  imports = [
+    ../../overlays
+    ../../modules/base
+    ../../modules/server
+    ./hardware.nix
+    ./network.nix
+  ];
+
+  networking.hostName = "delta";
+
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+    initrd.luks.devices.crypted.device = "/dev/disk/by-label/crypted";
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+  # This value determines the Home Manager release that your
+  # configuration is compatible with. This helps avoid breakage
+  # when a new Home Manager release introduces backwards
+  # incompatible changes.
+  # You can update Home Manager without changing this value. See
+  # the Home Manager release notes for a list of state version
+  # changes in each release.
+  home-manager.users.caspervk.home.stateVersion = "23.11"; # Did you read the comment?
+}
--- a/hosts/delta/hardware.nix
+++ b/hosts/delta/hardware.nix
@ -0,0 +1,43 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  # https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"];
+  boot.initrd.kernelModules = ["dm-snapshot" "virtio_gpu"];
+  boot.kernelParams = ["console=tty"];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  # https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
+  fileSystems."/" = {
+    device = "none";
+    fsType = "tmpfs";
+    options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/BOOT";
+    fsType = "vfat";
+  };
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-label/nix";
+    neededForBoot = true;
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    {
+      device = "/nix/persist/swapfile";
+      size = 4 * 1024; # 4 GiB
+    }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
--- a/hosts/delta/network.nix
+++ b/hosts/delta/network.nix
@ -0,0 +1,23 @@
+{...}: {
+  systemd.network = {
+    # Main interface
+    # https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
+    networks."10-lan" = {
+      name = "enp1s0";
+      address = [
+        "116.203.20.97/32" # TODO
+        "2a01:4f8:c2c:6005::/64" # TODO
+      ];
+      routes = [
+        {routeConfig = {Destination = "172.31.1.1";};}
+        {
+          routeConfig = {
+            Gateway = "172.31.1.1";
+            GatewayOnLink = true;
+          };
+        }
+        {routeConfig = {Gateway = "fe80::1";};}
+      ];
+    };
+  };
+}
--- a/modules/base/ssh.nix
+++ b/modules/base/ssh.nix
@ -18,7 +18,8 @@
  # ssh-keyscan -t ed25519 alpha
  programs.ssh.knownHosts = {
    "alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOpQNEmmEe6jr7Mv37ozokvtTSd1I3SmUU1tpCSNTkc";
-    "delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
+    "delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe9RpnO1/QRU81kjtEsWN66xfP5Y/qf5EQZ6wdM/XCT";
+    "delta-old".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
    "lambda".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEEd354UBnQi4xhjtJtKs4yVXuOkKY0svk+YHCm/pG46";
    "sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c";
    "sigma-old".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";